Russian Hackers Use Cyber Conflict Conference in Washington to Infect High Profile Targets in US Military & Intelligence

Hackers backed by the military intelligence agency of Russia are reportedly leveraging a warfare conference in Washington DC to target high profile NATO and US military cyber experts. The International Conference on Cyber Conflict US (CyCon) hosted by the US Army and NATO Cooperative Cyber Defence Centre of Excellence will begin next month and will be packed with NATO and US military cyber defenders. Kremlin-backed hackers have now been spotted running campaigns that are specifically targeting the attendees of this conference.

In a report published over the weekend, security researchers at Cisco Talos revealed that APT28, aka Fancy Bear, the group that was also responsible for the DNC hack last year, has weaponized a legitimate Word document titled “Conference_on_Cyber_Conflict.doc” with malware. Since the campaign targets potential attendees of this upcoming cybersecurity conference, researchers have said that the target list is highly lucrative to attackers, who could get a lot of sensitive information from this particular group.

“This conference has a lot of interesting attendees including current serving military members,” Talos wrote. “The attack on these kinds of individuals could yield extremely sensitive information and this is most likely what the actors were hoping for in this instance.”

Known as “Seduploader,” the malware is hidden in a two-page document that has been taken from the official conference website itself. The document was first created by attackers on October 4 with the attacks peaking three days later, on October 7.

Researchers write that the Seduploader reconnaissance malware has long been used by this threat actor and consists of two files: a dropper and a payload. This malware doesn’t leverage any zero-day flaws and simply contains a malicious Visual Basic for Applications (VBA) macro within the Microsoft Office document. Talos suggests that the group hasn’t used any security flaws “to ensure they remained viable for any other operations.”

“Actors will often not use exploits due to the fact that researchers can find and eventually patch these which renders the actors’ weaponised platforms defunct.”
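A defender-side triage check for the delivery method described above, added here as an example (it is not code from Talos or from the original article): assuming the lure is a legacy `.doc`, i.e. an OLE2 compound file, it walks the file's directory and reports whether a `_VBA_PROJECT` stream is present. The function names and both sample files are constructed for illustration.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF

def cfb_entries(data):
    """List (name, type) directory entries of an OLE2 file; type 1=storage, 2=stream, 5=root."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        raise ValueError("not an OLE2 compound file")
    size = 1 << struct.unpack_from("<H", data, 30)[0]          # sector size from sector shift
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]
    fat = []                                # only the 109 FAT sectors listed in the header DIFAT
    for loc in struct.unpack_from("<109I", data, 76):
        if loc != FREESECT:
            raw = sector(loc)
            fat += struct.unpack("<%dI" % (len(raw) // 4), raw[:len(raw) // 4 * 4])
    entries, seen = [], set()
    sec = struct.unpack_from("<I", data, 48)[0]                 # first directory sector
    while sec < len(fat) and sec not in seen:                   # 'seen' stops looped chains
        seen.add(sec)
        raw = sector(sec)
        for off in range(0, len(raw) - 127, 128):               # 128-byte directory entries
            nlen, otype = struct.unpack_from("<HB", raw, off + 64)
            if otype and 2 <= nlen <= 64:
                name = raw[off:off + nlen - 2].decode("utf-16-le", "replace")
                entries.append((name, otype))
        sec = fat[sec]
    return entries

def has_vba_macros(data):
    """True when the directory holds a _VBA_PROJECT stream, i.e. the file carries a VBA project."""
    return any(t == 2 and n.upper() == "_VBA_PROJECT" for n, t in cfb_entries(data))

def build_sample(names):
    """Constructed test input: header + one FAT sector + one directory sector (up to 4 entries)."""
    hdr = bytearray(CFB_MAGIC.ljust(512, b"\0"))
    struct.pack_into("<HHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9)      # minor, major, byte order, shift
    struct.pack_into("<II", hdr, 44, 1, 1)                      # 1 FAT sector; directory in sector 1
    struct.pack_into("<109I", hdr, 76, 0, *[FREESECT] * 108)    # the FAT lives in sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *[FREESECT] * 126)
    dirsec = b""
    for name, otype in names:
        raw = (name + "\0").encode("utf-16-le")
        dirsec += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), otype) + bytes(61)
    return bytes(hdr) + fat + dirsec.ljust(512, b"\0")

ROOT = ("Root Entry", 5)
WITH_MACRO = build_sample([ROOT, ("Macros", 1), ("VBA", 1), ("_VBA_PROJECT", 2)])
PLAIN = build_sample([ROOT, ("WordDocument", 2), ("1Table", 2)])
```

A hit only shows that the document carries a VBA project, so it is a reason to quarantine and inspect the attachment rather than a verdict that it is malicious.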

The event will be attended by infosec experts and top cyber defenders in the country

The event boasts speakers that include the likes of former NSA chiefs and US Senators. Current commanding general of the US Army’s Cyber Command, Paul Nakasone, former US National Security Agency director Keith Alexander, and Senator Martin Heinrich, who is currently on the Senate Intelligence Committee’s investigation into Russia’s election meddling, are only some of the high-profile names that will be speaking at November’s event.

“Due to the nature of the document, we assume that the targeted people are linked or interested by the cybersecurity landscape,” the team wrote.

Previously, the Advanced Persistent Threat 28 (APT28) group, also known as Tsar Team and Sofacy along with several other names, has been linked with the Russian military intelligence agency, GRU, and has been accused of breaching the networks of the Democratic National Committee ahead of the 2016 US presidential election. The US government has also just released a directive that warned officials of persistent attempted attacks on “government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors” by another hacking group linked to Russia, known as Dragonfly and Energetic Bear.
